Sunday, 22 February 2009

git fine-grained access control

If we are going to switch from CVS to Git we are going to need to implement the fine-grained access control features we have now. For example:

only certain users are allowed to commit to each branch.

only certain paths can be committed to on each branch.

only certain users are allowed to create tags in the central repository. (I'd like to get rid of this limitation, but it's there now. Perhaps only limit tag names that match a particular set of regular expressions.)

Since all of the software modules are released at similar times it makes sense it keep them all in one repository, and for internal security reasons the repository is probably only going to be accessible via HTTPS. This means that we won't be able to use Gitosis, which currently only works for SSH access.

Junio Hamano and Carl Baldwin have an update-hook-example that describes how to implement an access control hook script, so we will base things on that. Their example assumes that the user has logged in using ssh so they can use username=$(id -u -n) but since we are coming in via the web we'd have to use the REMOTE_USER environment variable instead.

I think it makes sense to use a configuration file that is similar to the Gitosis config file, which people are familiar with. This is just an ini file that can be parsed using Config::IniFiles or something similar to Gitosis::Config, so this shouldn't be difficult.

Something else worth looking at is gerrit, which describes itself as follows: